My old central air conditioning & heating system was replaced by a Bryant Evolution high efficiency system with the Evolution® Connex™ Control Model SYSTXBBECC01-A. The Connex thermostat is connected to my home WiFi network which enables:

After registering for an account on the MyEvolution web portal for remote access to the WiFi thermostat, I installed the MyEvolution Connex app on my Apple iPhone. Within minutes I had remote access to the thermostat from my iPhone at home or away via the Internet.

The Connex iPhone app is almost identical to the Connex wall control/thermostat. I can view and change nearly everything from the iPhone app except for the wall control Time & Date, which it obtains from the Bryant server via the Internet based on my zip code & time zone. I sat my iPhone on the Connex thermostat to show the user interface similarities in the following photos.

The Home Screen shows the room temperature, weather forecast and status (cooling, heating or blank if the system is idle):

Bryant Evolution Connex WiFi Thermostat and iPhone App – Home Screen

Touching the Home screen on both devices brings up the Main menu:

Bryant Evolution Connex WiFi Thermostat and iPhone App – Main Menu

Touching “menu” at the lower right corner of the display brings up the Menu screen with applets for comfort profiles, schedules, vacation, status, etc:

Bryant Evolution Connex WiFi Thermostat and iPhone App – Menu Screen

Touching the “operating status” icon above displays what the system is doing. At the moment the 5 stage (speed) air conditioner compressor is running at 100% and the fan is On. I don’t have a humidifier or outdoor air ventilator on my system:

The smartphone app and wall control work great! The iPhone app is very convenient, no more going upstairs to change the temperature. Especially when I change the downstairs system setting on my 2nd system and need to synch the two so the house is the same temperature throughout.

Evolution Connex Wall Control WiFi Connectivity

The Connex WiFi connectivity works well although it seems to have some WiFi sensitivities where it’s slow making the initial connection and the radio isn’t the strongest.

The Connex wall control is located in the hallway on the left wall under the attic folding stairs about 15 feet away from my UniFi AP-AC WiFi access point:

UniFi Access Point – Drywall Ceiling Mount

Examining the Connex wall control in the UniFi Controller reveals it uses a Redpine Signals WiFi module with a bandwidth of 1Mbps (megabits/sec) and currently has a signal strength of 52%:

UniFi WiFi Controller Device Statistics

52% signal strength translates to 4 out of 5 signal bars on the wall control display. I expected the signal strength to be stronger given it’s only 14 feet from the WiFi access point. By contrast other devices placed next to the wall control have 70% signal and 5 bars. If you’re having issues considering installing a WiFi range extender near the Connex wall control.

Bryant Connex WiFi Wall Control Operation

I have a Ubiquiti EdgeRouter with firewall rules that block all incoming traffic from the Internet unless it’s in response to request originated by a device in my network. I was curious how the MyEvolution Connex iPhone app is able to update the wall control settings when I’m away from home? The app can’t be talking directly to the thermostat because unsolicited Internet connections are blocked.

To figure out how the Connex wall control and iPhone app worked I configured port mirroring on my router and analyzed the network traffic with WireShark.

Before going into a lot of technical details, I learned the Connex app and wall control operates as follows:

Changes made by through the MyEvolution web portal or smartphone app are written to the Bryant servers.

The Connex wall control polls the Bryant MyEvolution API Server roughly every 30 seconds to send status updates and check if any settings have been updated via the MyEvolution web portal, smartphone app or Amazon Alexa.

The wall control downloads the latest settings and applies the changes.

The new system status is sent by the wall control to the Bryant servers.

I chose to have an e-mail notice sent to me anytime a setting is changed, whether manually at the wall control or remotely.

Because the wall control is polling (originating traffic from my network) to the Bryant servers it’s allowed by my firewall rules. The following diagram illustrates the communications processes:

MyEvolution Connex app on iTunes

The MyEvolution Connex app has a 2 out of 5 star rating as of this writing (June 2017). It’s a full featured app and I really like it. Now that I understand how the wall control, servers and apps work together I suspect the reason for the poor reviews are connectivity problems with remote Internet, in-home WiFi or not understanding the roughly 30 second polling cycle. If you’re having problems changing the thermostat check the following:

Is the wall control WiFi signal good?

Do you have a reliable Internet connection on your smartphone when away?

It takes roughly 30 seconds for the wall control to poll the Bryant server for changes. After making changes via the App be sure to return to the previous screen so it’s not waiting for additional user inputs.

The compressor has a “3.5 minute time delay after last cycle, initial power up, return from brown-out condition.” See page 7 of the 189BNV Service Manual. The delay is to protect the compressor from rapid start/stop cycles (slamming).

Have you enabled the change confirmation e-mail option in the MyEvolution web portal?

Depending on the system status it could be 4+ minutes before temperature setting changes are effected. In my experience changes take effect in under 1 minute including receipt of the confirmation e-mail.

Internet of Things (IoT) devices tend to have a poor track record regarding security vulnerabilities and data exposure issues. I examined the WireShark packet traces and found the Connex system has some outdated security and data exposure risks. I don’t plan to stop using the product but the gaps should be corrected.

Connex WiFi Wall Control Security & Data Exposure

Note that OAuth only protects your MyEvolution user name and password login credentials.

All traffic is transmitted as plain text over insecure HTTP.

This is vulnerable to Man in the Middle attacks where an attacker could intercept and modify the wall control settings. For example, an attacker could turn Off the heat causing the water pipes to freeze and burst in the winter.

Recall that OAuth does not detect or prevent the XML message payload with the control settings from being modified. More on XML later.

Leaks non-personally identifiable information including the Zip Code, Date/Time and all system serial numbers, PIN, status & operating parameters and my Ubiquiti EdgeRouter MAC Address. An adversary could learn about your habits from the Home, Away, Sleep and Vacation schedules.

Software updates are required to fix the wall control and API server vulnerabilites:

Implement OAuth 1.0a or better 2.0. The 1.0a specification was released in 2009. Oauth 2.0 was published in 2012.

Secure wall control traffic with HTTPS (HTTP over TLS) instead of plain text HTTP for security and privacy. This will also encrypt the OAuth headers.

HTTP POST Systems Method

The Systems POST sends the wall control serial #, configuration, zones, schedule and your zip code to the server in XML format. XML is easier to read if properly indented to show the nested structure but that was lost with copy & paste here:

Next the Connex wall control sends PIN, firmware version, model and serial numbers of the wall control, outdoor condenser and furnace. I’m thinking with since this data uploaded to the API server that feeds the MyEvolution web portal shouldn’t the product warranty registration be automatic? Since I have all the model and serial numbers it here it can just copy & paste it in the registration website.

Bob, have you tried changing and saving the dns server settings under “advanced”? My setting changes won’t stick. I changed the dns server settings because the thermostat doesn’t reliably connect to the Bryan back end servers. Thanks

Not a bad idea to configure the thermostat’s DNS to point to Google DNS (8.8.8.8, 8.8.4.4) or other public DNS of your choice.

I have a rather advanced home network configuration and configured my thermostat DNS settings to point to my EdgeRouter 4 at 10.10.0.1 (a private IP address).

The EdgeRouter is the DNS server for the LAN network and forwards non-local requests to a public DNS server.

I’ve also experience occasional problems where one of my thermostats wouldn’t reliably connect to the Bryant API servers. One of my two devices was fine for a couple of months but then it lost registration with the Bryant server for a couple of days although WiFi connectivity was good. Then with no changes on my part, the thermostat registered and I had remote access again.

One thing that drives me nuts about this system and therefore I cannot recommend it…if does not allow you override and set the temperature below 50F/10C. So if you are a snowbird and want to leave your house slightly cooler than 50F while away, you cannot. I’d find another heating solution until they allow this wifi controller to do this!

I had a new Bryant furnace installed a few weeks ago, with the myevolution system and thermostat. Worked great on installation, the interface on the app isn’t the best, but functionally everything operated just fine. A couple weeks ago however I lost the ability to connect to the myevolution server, rendering the app useless. Between the manufacturer, my installer, and my cable internet provider, I am not able to get a resolution to this problem. So I’m fishing a bit to find some help, and happened across your interesting write-up on the Bryant thermostat and system. I have a dual band broadband router that supports both 2.4 GHz and 5 GHz channels. Bryant is telling me I have an issue with my router, my cable provider is saying Bryant has an issue with their Server, and my installer has no clue how to help me. Should I be looking at a different router that is more compatible, could there be another issue here I should be focused in on? Appreciate any help from the forum on troubleshooting.

The problem is likely with WiFi signal strength or something with the router. What is the make/model of your router?

My Connex thermostats only support 2.4 Ghz WiFi. The thermostat connects the Bryant server at www.app-api.eng.bryant.com which is hosted on the Microsoft Azure cloud platform (Azure is similar to AWS). DNS dig results:

In a web browser, go to http://www.app-api.eng.bryant.com. The browser should display: “You do not have permission to view this directory or page.” This verifies your router isn’t blocking access to the API server. If the browser times out then your router has a firewall feature that’s blocking access to the server.

Have you checked the Connex diagnostics?A. Tap the WiFi icon at the top right of the Connex home screen. “Network Status” and “MyEvolution Server” should be show “connected”.

If both of the above are connected:B. Tap the “Menu” at the bottom right of the home screen. * Scroll down to the “wireless” icon and tap it. * WiFi -> advanced settings –> wifi diagnostics * last 10 wifi events * server packet status

These will show any communication errors. I see the occasional “lost connection to server” with a reconnect; so this apparently is not unusual.

If the network and server are not connected per step A above, then troubleshoot WiFi and router.

1 – Move the WiFi router closer to the Connex. 2 – If you can’t move the router, reorient the WiFi antennas if it has external antennas. Antenna signal strength shaped like doughnut. The strongest signal is found when the client device is directly to the side of the antenna: client device – signal – ( | ) WiFi router, where ( ) are the strongest signals and | is the antenna. 3 – Log into the router and hopefully it has a WiFi client signal strength and connectivity report. 4 – Power cycle the Connex by turning off the furnace switch. This looks like a light switch near the furnace that controls power to the air handler. The Connex runs on 24 VAC supplied by the furnace control board.

If all else fails, get a Linksys WRT54G Wireless-G Router (used ones sell for $10 to $20 on Amazon) and temporarily swap it for your existing router. I keep an old WRT54G around when I need a basic WiFi router for troubleshooting.